CrowdStrike launched an update for its security platform, CrowdStrike Falcon. The organization uses new AI models to recognize never-before-seen attacks.

Research is a cornerstone of cybersecurity. Security vendors monitor cybercriminals to recognize patterns and intercept attacks through software. The patterns constantly change. Attackers switch tools and methods to stay under the radar. A brand new tactic has a higher chance of success than one that’s been known to security providers for years.

CrowdStrike tackled the problem more than a decade ago. The organization launched ‘Indicators of Attack’ (IoAs), a feature that analyzes user behaviour to recognize attacks. Behaviour is harder to change than a tool, meaning IoAs make it harder for cybercriminals to avoid detection. The functionality was recently updated. IoAs now work with artificial intelligence (AI) to recognize advanced, unknown attacks.

AI-based Indicators of Attack

The functionality works as follows. CrowdStrike trains multiple AI models based on global threat intelligence. The AI models analyze cyberattacks to find patterns in attacker behaviour. Once the AI discovers a pattern, the pattern is incorporated into the CrowdStrike Falcon security platform. From then on, users of CrowdStrike Falcon are protected against attacks that follow a similar pattern.

The models train on recent threat intelligence day and night. As a result, CrowdStrike Falcon quickly becomes aware of new attack patterns. The functionality allows the platform to recognize and block unknown attack techniques, regardless of the tools used by an attacker.

According to CrowdStrike, the models discovered more than 20 never-before-seen attack patterns during the testing phase. Security experts at CrowdStrike confirmed the attacks were carried out by cybercriminals. The patterns have since been incorporated into CrowdStrike Falcon.
